mirror of https://github.com/jakejarvis/hugo-docker.git synced 2025-10-26 05:15:50 -04:00

Compare commits


76 Commits

Author SHA1 Message Date
snyk-bot
42de4d2c48 fix: Dockerfile to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6152404
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6152404
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6160000
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6160000
2024-01-25 06:44:16 +00:00
renovate[bot]
49de69b30e Update actions/cache action to v4 2024-01-17 19:11:51 +00:00
renovate[bot]
1d30ce8bcb Update dependency jgm/pandoc to v3.1.11 2023-12-16 10:19:55 +00:00
renovate[bot]
b2ab6f0041 Update dependency jgm/pandoc to v3.1.10 2023-12-13 07:17:49 +00:00
renovate[bot]
3758f9cad1 Update dependency jgm/pandoc to v3.1.9 2023-10-28 03:19:15 +00:00
renovate[bot]
7f24c16703 Update actions/checkout digest to b4ffde6 2023-10-19 15:01:46 +00:00
renovate[bot]
c8d6cbb13a Update actions/checkout digest to 8ade135 2023-09-22 23:00:54 +00:00
renovate[bot]
16b4f6cdd4 Update docker/setup-qemu-action action to v3 2023-09-12 18:26:44 +00:00
renovate[bot]
06258ba98b Update docker/setup-buildx-action action to v3 2023-09-12 16:00:43 +00:00
renovate[bot]
846307e4c8 Update docker/login-action action to v3 2023-09-12 13:38:05 +00:00
renovate[bot]
974cf9f787 Update docker/build-push-action action to v5 2023-09-12 11:01:01 +00:00
renovate[bot]
5169e3ddfa Update dependency jgm/pandoc to v3.1.8 2023-09-09 21:02:29 +00:00
renovate[bot]
65507b8300 Update actions/checkout action to v4 2023-09-04 15:32:54 +00:00
renovate[bot]
4a14b72e5b Update golang Docker tag to v1.21 2023-09-01 11:36:20 +00:00
renovate[bot]
8305e01188 Update dependency jgm/pandoc to v3.1.7 2023-09-01 00:24:10 +00:00
renovate[bot]
81a93ea44d Update dependency jgm/pandoc to v3.1.6 2023-07-21 19:49:13 +00:00
renovate[bot]
d4dab75ac4 Update dependency jgm/pandoc to v3.1.5 2023-07-07 23:18:29 +00:00
renovate[bot]
c8c26d1fb7 Update dependency jgm/pandoc to v3.1.4 2023-06-25 03:55:13 +00:00
renovate[bot]
ff4c4d46af Update dependency jgm/pandoc to v3.1.3 2023-06-07 09:36:50 +00:00
e2ba706deb Hugo v0.113.0 2023-06-06 11:15:42 -04:00
59a94508dc Hugo v0.112.7 2023-06-06 11:15:22 -04:00
421a334f8c Hugo v0.112.6 2023-06-06 11:15:15 -04:00
21d629e15c Hugo v0.112.5 2023-06-06 11:14:48 -04:00
391c858bed Hugo v0.112.4 2023-06-06 11:13:23 -04:00
ba3a3969b7 Update renovate.json 2023-05-25 18:27:56 -04:00
af6f3b8139 Hugo v0.112.3 2023-05-25 16:36:13 -04:00
669722c47a Hugo v0.112.2 2023-05-25 12:12:03 -04:00
e98baa7dc4 Hugo v0.112.1 2023-05-25 10:55:48 -04:00
755a524c55 Hugo v0.112.0 2023-05-25 09:47:31 -04:00
renovate[bot]
18e51db24a Update alpine Docker tag to v3.18 2023-05-10 05:03:35 +00:00
renovate[bot]
ebe3e97c81 Update dependency sass/dart-sass-embedded to v1.62.1 2023-04-26 07:49:31 +00:00
renovate[bot]
22e644d81d Update dependency sass/dart-sass-embedded to v1.62.0 2023-04-12 06:17:40 +00:00
renovate[bot]
4d1191ce2b Update dependency sass/dart-sass-embedded to v1.60.0 2023-03-24 02:13:04 +00:00
9b9a34e059 automatically build & push on new Hugo releases 2023-03-15 12:31:58 -04:00
renovate[bot]
3d5a32a41a Configure Renovate (#5)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Jake Jarvis <jake@jarv.is>
2023-03-15 09:59:24 -04:00
bdfadabde1 Hugo v0.111.3 2023-03-12 09:02:25 -04:00
ad2b89ae8e Hugo v0.111.2 2023-03-07 08:13:19 -05:00
ad10482235 Hugo v0.111.1 2023-03-02 10:44:11 -05:00
4a98dad700 Hugo v0.111.0 (and Alpine v3.17) 2023-03-02 10:43:40 -05:00
Greg Baker
e91bc2ed98 This commit fixes a failure scenario caused when the UID of the user within the hugo-extended container does not match the UID or GID of the respective user and group ownership assigned to the files and directories in the volume mounted to /src.
The failure occurs when a git operation triggers recently added safe directory checks to alert the user when there is a UID or GID mismatch.  Because the ENTRYPOINT of the hugo-extended container is a call to `hugo`, there is no ability for the end user of the container to tell git to trust the /src directory before hugo is started.

It is possible to override the UID and GID when using the container, but this causes permission errors and does not seem like a user-friendly path forward.

After this change, the hugo-extended container will contain a global git configuration to trust the /src directory.  This may have security implications that have not been considered, but since only the project directory is mounted to /src, this approach seems to respect the intent of git safe directory checks.
2023-03-02 10:36:36 -05:00
048f5d17f2 Hugo v0.110.0 2023-01-17 10:44:12 -05:00
5c457e33fe bump GH actions 2023-01-17 10:44:09 -05:00
0a8ca90615 Hugo v0.109.0 2022-12-23 09:59:58 -05:00
8b514c58d7 Hugo v0.108.0 2022-12-06 13:35:43 -05:00
20f98c58b7 Hugo v0.107.0 2022-11-24 15:31:29 -05:00
a10483b36a Hugo v0.106.0 2022-11-17 13:58:35 -05:00
e5a6870534 Hugo v0.105.0 2022-10-28 09:15:18 -04:00
62b12c0d22 Hugo v0.104.3 2022-10-04 12:07:52 -04:00
df27582975 Hugo v0.104.2 2022-09-29 10:58:16 -04:00
6cc3f39751 Hugo v0.104.1 2022-09-26 20:11:22 -04:00
8540c876dd Hugo v0.104.0 2022-09-23 11:32:05 -04:00
e806604521 Hugo v0.103.1 2022-09-18 14:05:41 -04:00
7fc2ac2b8e Hugo v0.103.0 2022-09-15 15:15:44 -04:00
56a30dab8f build with go 1.19 2022-09-06 14:20:06 -04:00
f49e3b1dcd Hugo v0.102.3 2022-09-01 08:06:03 -04:00
2de4b89509 Hugo v0.102.2 2022-08-31 16:15:55 -04:00
10103bce3b Hugo v0.102.1 2022-08-29 10:50:24 -04:00
fcb292357c Hugo v0.102.0 2022-08-28 16:24:46 -04:00
61fa24ed38 switch from mage to go build so go and alpine can be bumped 2022-07-29 13:44:08 -04:00
250387c4f1 Hugo v0.101.0 2022-06-16 07:25:39 -04:00
6e5386c78a Hugo v0.100.2 2022-06-08 17:54:57 -04:00
86af318435 Hugo v0.100.1 2022-06-01 17:14:47 -04:00
5bbac6174f Hugo v0.100.0 2022-05-31 17:09:32 -04:00
9fc7783e5a Hugo v0.99.1 2022-05-18 09:25:21 -04:00
4f26d81802 Hugo v0.99.0 2022-05-16 08:47:28 -04:00
de42257aa2 Hugo v0.98.0 2022-04-28 12:15:48 -04:00
e10c7362c7 Hugo v0.97.3 2022-04-18 17:24:14 -04:00
5bd125e947 Hugo v0.97.2 2022-04-17 11:48:20 -04:00
92aeed4a00 Hugo v0.97.1 2022-04-16 13:38:23 -04:00
23cd994860 Hugo v0.97.0 2022-04-14 09:16:05 -04:00
5bbdb9ba12 Hugo v0.96.0 2022-03-26 13:36:59 -04:00
b69006cb54 Hugo v0.95.0 (with fixes for Go 1.18) 2022-03-16 21:25:36 -04:00
f0b59209e5 Hugo v0.94.2 2022-03-12 08:58:35 -05:00
061289816b Hugo v0.94.1 2022-03-11 12:04:03 -05:00
e59900daaa Hugo v0.94.0 2022-03-10 09:30:02 -05:00
92748c6c0f Hugo v0.93.3 2022-03-08 10:26:46 -05:00
4 changed files with 97 additions and 56 deletions


@@ -4,79 +4,89 @@ on:
push:
branches:
- master
tags:
- 'v*'
pull_request:
branches:
- master
merge_group:
workflow_dispatch:
# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-only-cancel-in-progress-jobs-or-runs-for-the-current-workflow
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
env:
HUB_IMAGE: jakejarvis/hugo-extended
GHCR_IMAGE: ghcr.io/jakejarvis/hugo-extended
jobs:
docker:
runs-on: ubuntu-latest
if: "!contains(github.event.head_commit.message, '[skip ci]')"
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Prepare tags
id: tag
env:
HUB_IMAGE: jakejarvis/hugo-extended
GHCR_IMAGE: ghcr.io/jakejarvis/hugo-extended
run: |
TAGS="${HUB_IMAGE}:latest,${GHCR_IMAGE}:latest"
# If triggered by a new tag, add a version tag to the image
if [[ $GITHUB_REF == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/v}
TAGS="$TAGS,${HUB_IMAGE}:${VERSION},${GHCR_IMAGE}:${VERSION}"
fi
# Set output parameters
echo ::set-output name=tags::${TAGS}
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
with:
fetch-depth: 0
- name: Set up QEMU
uses: docker/setup-qemu-action@master
with:
platforms: all
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@master
uses: docker/setup-buildx-action@v3
- name: Login to DockerHub
if: ${{ github.ref == 'refs/heads/master' }}
uses: docker/login-action@v3
with:
username: jakejarvis
password: ${{ secrets.DOCKER_HUB_TOKEN }}
- name: Login to GitHub Container Registry
if: ${{ github.ref == 'refs/heads/master' }}
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GHCR_PAT }}
- name: Cache Docker layers
uses: actions/cache@v2
uses: actions/cache@v4
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Login to DockerHub
if: github.event_name != 'pull_request'
uses: docker/login-action@v1
with:
username: jakejarvis
password: ${{ secrets.DOCKER_HUB_TOKEN }}
- name: Login to GitHub Container Registry
if: github.event_name != 'pull_request'
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GHCR_PAT }}
- name: Parse Hugo version
id: parse_version
run: |
HUGO_VERSION="$(grep -oP '(?<=^ARG HUGO_VERSION=).+$' Dockerfile)"
echo "HUGO_VERSION=$HUGO_VERSION" >> $GITHUB_OUTPUT
- name: Build and push
id: build
uses: docker/build-push-action@v2
uses: docker/build-push-action@v5
with:
builder: ${{ steps.buildx.outputs.name }}
context: ./
context: .
file: ./Dockerfile
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.tag.outputs.tags }}
push: ${{ github.ref == 'refs/heads/master' }}
tags: "${{ env.HUB_IMAGE }}:latest,${{ env.GHCR_IMAGE }}:latest,${{ env.HUB_IMAGE }}:${{ steps.parse_version.outputs.HUGO_VERSION }},${{ env.GHCR_IMAGE }}:${{ steps.parse_version.outputs.HUGO_VERSION }}"
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache
- name: Image digest
run: echo ${{ steps.build.outputs.digest }}
- name: Update hub description
uses: peter-evans/dockerhub-description@v3
if: ${{ github.ref == 'refs/heads/master' }}
with:
username: jakejarvis
password: ${{ secrets.DOCKER_HUB_TOKEN }}
repository: ${{ env.HUB_IMAGE }}
short-description: "✏️ Hugo Extended for x64 and ARM64 with PostCSS, Babel, Pandoc, and more baked in."
readme-filepath: ./README.md
enable-url-completion: true
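Review bot: The steps that receive registry credentials, `docker/login-action@v3` (both logins) and `peter-evans/dockerhub-description@v3`, are referenced by mutable tags, while `actions/checkout` in the same job is pinned to a full commit SHA. If one of those tags is moved, different code runs with `DOCKER_HUB_TOKEN` or `GHCR_PAT` in scope, so these steps and `docker/build-push-action@v5`, which performs the push, are better pinned the same way, e.g. `uses: docker/login-action@<full-commit-sha> # v3`. The commit list suggests Renovate already maintains the checkout digest, so it could presumably keep the others current as well.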


@@ -1,15 +1,14 @@
# the following version can be overridden at image build time with --build-arg
ARG HUGO_VERSION=0.93.2
# renovate: datasource=github-releases depName=gohugoio/hugo
ARG HUGO_VERSION=0.113.0
# remove/comment the following line completely to compile vanilla Hugo:
ARG HUGO_BUILD_TAGS=extended
# Hugo >= v0.81.0 requires Go 1.16+ to build
ARG GO_VERSION=1.17
ARG ALPINE_VERSION=3.15
# ---
FROM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS build
# Hugo >= v0.81.0 requires Go 1.16+ to build
FROM golang:1.21-alpine3.18 AS build
# renew global args from above
# https://docs.docker.com/engine/reference/builder/#scope
@@ -28,8 +27,7 @@ RUN apk add --update --no-cache \
gcc \
g++ \
musl-dev \
git && \
go get github.com/magefile/mage
git
# clone source from Git repo:
RUN git clone \
@@ -38,23 +36,27 @@ RUN git clone \
--depth 1 \
https://github.com/gohugoio/hugo.git ./
RUN mage -v hugo && mage install
# https://github.com/gohugoio/hugo/commit/241481931f5f5f2803cd4be519936b26d8648dfd
RUN go build -v -ldflags "-X github.com/gohugoio/hugo/common/hugo.vendorInfo=docker" -tags "$HUGO_BUILD_TAGS" && \
mv ./hugo /go/bin/hugo
# fix potential stack size problems on Alpine
# https://github.com/microsoft/vscode-dev-containers/blob/fb63f7e016877e13535d4116b458d8f28012e87f/containers/hugo/.devcontainer/Dockerfile#L19
RUN go get github.com/yaegashi/muslstack && \
RUN go install github.com/yaegashi/muslstack@latest && \
muslstack -s 0x800000 /go/bin/hugo
# ---
FROM alpine:${ALPINE_VERSION}
FROM alpine:3
# renew global args from above & pin any dependency versions
ARG HUGO_VERSION
# https://github.com/jgm/pandoc/releases
ARG PANDOC_VERSION=2.17.1.1
# renovate: datasource=github-releases depName=jgm/pandoc
ARG PANDOC_VERSION=3.1.11
# https://github.com/sass/dart-sass-embedded/releases
ARG DART_SASS_VERSION=1.49.9
# renovate: datasource=github-releases depName=sass/dart-sass-embedded
ARG DART_SASS_VERSION=1.62.1
LABEL version="${HUGO_VERSION}"
LABEL repository="https://github.com/jakejarvis/hugo-docker"
@@ -121,6 +123,8 @@ RUN set -euo pipefail && \
fi && \
# clean up some junk
rm -rf /tmp/* /var/tmp/* /var/cache/apk/* && \
# tell git to trust /src
git config --global --add safe.directory /src && \
# make super duper sure that everything went OK, exit otherwise
hugo env && \
go version && \
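Review bot: `go install github.com/yaegashi/muslstack@latest` resolves to whatever upstream publishes at build time, and that tool then rewrites `/go/bin/hugo`, so the shipped binary depends on an unpinned dependency and two builds of the same commit can differ. Pin it to a tag or commit, e.g. `RUN go install github.com/yaegashi/muslstack@<pinned-commit> && \`, with a comment recording why that revision was chosen. The same drift applies to the final stage's `FROM alpine:3`, which no longer tracks the `alpine3.18` used by the build stage; `FROM alpine:3.18` (or a digest) keeps the two stages aligned and lets Renovate propose the bump explicitly.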


27
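--- a/renovate.json
+++ b/renovate.json
@@ -0,0 +1,27 @@
+{
+"$schema": "https://docs.renovatebot.com/renovate-schema.json",
+"extends": [
+"config:base"
+],
+"automerge": true,
+"platformAutomerge": true,
+"regexManagers": [
+{
+"fileMatch": [
+"^Dockerfile$"
+],
+"matchStrings": [
+"# renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?( registryUrl=(?<registryUrl>.*?))?\\s.*?_VERSION=(?<currentValue>.*)\\s"
+],
+"versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}"
+}
+],
+"packageRules": [
+{
+"matchFiles": [
+"^Dockerfile$"
+],
+"extractVersion": "^v(?<version>.*)$"
+}
+]
+}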
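Review bot: `"automerge": true` and `"platformAutomerge": true` are set at the top level, so every update Renovate proposes can merge without anyone reading it, including major bumps of the base image, the GitHub Actions and the `*_VERSION` args. If the workflow pushes images from master, as it appears to, an upstream release reaches the published `latest` tag unreviewed. Consider restricting automerge to lower-risk updates, e.g. adding `{ "matchUpdateTypes": ["major"], "automerge": false }` to `packageRules`, and making the build a required status check so a failing update cannot merge.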